pgsql-sepgsql-doc-revise.2.patch
application/octet-stream
Filename: pgsql-sepgsql-doc-revise.2.patch
Type: application/octet-stream
Part: 0
diff --git a/doc/src/sgml/ref/security_label.sgml b/doc/src/sgml/ref/security_label.sgml
index 8a01b94..a62f02a 100644
--- a/doc/src/sgml/ref/security_label.sgml
+++ b/doc/src/sgml/ref/security_label.sgml
@@ -198,6 +198,36 @@ SECURITY LABEL FOR selinux ON TABLE mytable IS 'system_u:object_r:sepgsql_table_
</refsect1>
<refsect1>
+ <title>See Also</title>
+ <para>
+ These modules requires <command>SECURITY LABEL</command> command
+ for their foundation. Also see the section for more details.
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term><xref linkend="sepgsql"></term>
+ <listitem>
+ <para>
+ <filename>sepgsql</> is a loadable module which supports label-based
+ mandatory access control (MAC) based on <productname>SELinux</> security
+ policy.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><xref linkend="dummy-seclabel"></term>
+ <listitem>
+ <para>
+ The <filename>dummy_seclabel</> module exists only to support regression
+ testing of the <command>SECURITY LABEL</> statement. It is not intended
+ to be used in production.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
<title>Compatibility</title>
<para>
There is no <command>SECURITY LABEL</command> command in the SQL standard.
diff --git a/doc/src/sgml/sepgsql.sgml b/doc/src/sgml/sepgsql.sgml
index db9b64c..4b9e1f3 100644
--- a/doc/src/sgml/sepgsql.sgml
+++ b/doc/src/sgml/sepgsql.sgml
@@ -96,11 +96,13 @@ Policy from config file: targeted
<para>
The following instructions that assume your installation is under the
- <filename>/usr/local/pgsql</> directory. Adjust the paths shown below as
- appropriate for your installation.
+ <filename>/usr/local/pgsql</> directory and the database cluster is
+ under the <filename>/path/to/database</> directory. Adjust the paths
+ shown below as appropriate for your installation.
</para>
<screen>
+$ export PGDATA=/path/to/database
$ initdb
$ vi $PGDATA/postgresql.conf
$ for DBNAME in template0 template1 postgres; do
@@ -113,6 +115,17 @@ $ for DBNAME in template0 template1 postgres; do
If the installation process completes without error, you can now start the
server normally.
</para>
+
+ <para>
+ Please note that you may see the following notifications depending on
+ the combination of a particular version of <productname>libselinux</>
+ and <productname>selinux-policy</>.
+<screen>
+/etc/selinux/targeted/contexts/sepgsql_contexts: line 33 has invalid object type db_blobs
+</screen>
+ It is harmless messages and already fixed. So, you can ignore these
+ messages or update related packages to the latest version.
+ </para>
</sect2>
<sect2 id="sepgsql-regression">
@@ -124,7 +137,16 @@ $ for DBNAME in template0 template1 postgres; do
</para>
<para>
- First, build and install the policy package for the regression test.
+ First, setup <productname>sepgsql</productname> according to
+ the <xref linkend="sepgsql-installation">.
+ We intend this regression test is run on the working system using
+ <command>make installcheck</command>, so the server system must be
+ correctly set up to allow current user of shell process to connect
+ database as superuser without authentication.
+ </para>
+
+ <para>
+ Second, build and install the policy package for the regression test.
The <filename>sepgsql-regtest.pp</> is a special purpose policy package
which provides a set of rules to be allowed during the regression tests.
It should be built from the policy source file
@@ -149,7 +171,7 @@ sepgsql-regtest 1.03
</screen>
<para>
- Second, turn on <literal>sepgsql_regression_test_mode</>.
+ Third, turn on <literal>sepgsql_regression_test_mode</>.
We don't enable all the rules in the <filename>sepgsql-regtest.pp</>
by default, for your system's safety.
The <literal>sepgsql_regression_test_mode</literal> parameter is associated